A certificate verification flaw was found in the JSSE component of OpenJDK. No check was preformed during the TLS session resumption to ensure that the same endpoint identification algorithm had been used when originally opening the session as was required when resuming the session. In certain cases, this could lead to having TLS connection established without required server identity verification.
Public now via Oracle CPU October 2018: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html#AppendixJAVA The issue was fixed in Oracle JDK 11.0.1, 8u191, 7u201, and 6u211.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:2942 https://access.redhat.com/errata/RHSA-2018:2942
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:2943 https://access.redhat.com/errata/RHSA-2018:2943
OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/7f473886abb4 OpenJDK-11 upstream commit: http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/781b5d8f2f75
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Via RHSA-2018:3007 https://access.redhat.com/errata/RHSA-2018:3007
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2018:3008 https://access.redhat.com/errata/RHSA-2018:3008
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2018:3000 https://access.redhat.com/errata/RHSA-2018:3000
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Via RHSA-2018:3001 https://access.redhat.com/errata/RHSA-2018:3001
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 7 Via RHSA-2018:3002 https://access.redhat.com/errata/RHSA-2018:3002
This issue has been addressed in the following products: Oracle Java for Red Hat Enterprise Linux 6 Via RHSA-2018:3003 https://access.redhat.com/errata/RHSA-2018:3003
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3350 https://access.redhat.com/errata/RHSA-2018:3350
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:3409 https://access.redhat.com/errata/RHSA-2018:3409
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3521 https://access.redhat.com/errata/RHSA-2018:3521
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2018:3533 https://access.redhat.com/errata/RHSA-2018:3533
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2018:3534 https://access.redhat.com/errata/RHSA-2018:3534
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2018:3671 https://access.redhat.com/errata/RHSA-2018:3671
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2018:3672 https://access.redhat.com/errata/RHSA-2018:3672
This issue has been addressed in the following products: Red Hat Satellite 5.6 Red Hat Satellite 5.7 Via RHSA-2018:3779 https://access.redhat.com/errata/RHSA-2018:3779
This issue has been addressed in the following products: Red Hat Satellite 5.8 Via RHSA-2018:3852 https://access.redhat.com/errata/RHSA-2018:3852